In conjunction with other Irish banks and the BPFI, the following video has been produced. The video gives an explanation of the changes arising through PSD2.
On the 13 January 2018 new legislation (Directive (EU) 2015/2366 on Payment Services, commonly known as "PSD2") will come into force which will allow you to share your online banking security credentials with regulated Third Party Providers (TPPs) in order to avail of new account information and payment services.
It is important to note that once you provide your credentials to a TPP the TPP will be able to view all the account(s) that are visible to you in Open24/Business24 (including joint accounts).
There are two main types of Third Party Providers that will become increasingly popular over the coming months, these are Payment Initiation Service Providers (PISPs) and Account Information Service Providers (AISPs).
Any company or entity that wants to offer either of these services must be authorized by a regulatory authority in the European Economic Area (EEA) such as the Central Bank of Ireland.
It is important to note that not all TPPs will be regulated in Ireland. TPPs regulated anywhere within the EEA are allowed to operate across the EEA. So, it is important that you satisfy yourself that the TPP you’re dealing with is regulated – one way to confirm this is by seeking proof from the TPP of their regulated status. You should never share your online credentials with a non-regulated TPP.
In order for a TPP to access your accounts you will have to give them your explicit consent. They may ask you for various pieces of information regarding your banking relationships, including your online banking security credentials. Sharing these credentials (Open24 or Business24 number, Password and PAN) with a TPP will be taken as you consenting to them accessing your account details.
A TPP should never request your card details (16-digit number, expiry date or CVV) therefore, you should not share these details with anyone as per the Terms and Conditions of your account. If you have shared these with a third party you should contact our Lost and Stolen Card line immediately.
Once you provide the TPP with your online credentials they will be able to see and access all of the accounts that you can see when you log in to Open24 or Business24, this will include:
However, it is important to note that under PSD2 and Data Protection legislation, TPPs should only view the payment accounts that you have given them permission to access (i.e. current account, credit card, etc.).
In the case of joint accounts it is up to you to ensure that you have the permission of all the other parties to these accounts before granting access to a TPP.
If you do choose to use the services of a TPP you should continue to monitor your account closely as well as keeping your online credentials safe and secure. If you are concerned by any unusual behaviour on your accounts please call Open24 at 0818 50 24 24.
Remember that you should only share your account online security credentials with regulated TPPs and no-one else.
You can withdraw your consent at any time by contacting the TPP directly. All regulated TPPs should provide you with a way of doing this. If you have contacted them but are concerned that they are still accessing your accounts, you can phone Open24 at 0818 50 24 24 and we will issue you with new security credentials. Please be aware that this will lock access to your accounts for all TPPs.